The threat is the continuously demonstrated lack of understanding what is on-the-line for these businesses. In addition to these new requirements that are highlighted in the most recent version of the DFAR (Defense Federal Acquisition Regulation)—widely seen as the Holy Bible of what a Defense Contractor must demonstrate adherence to, was the requirements set forth by 47 States for breach notification.
Back in 2013, DFAR required a contractor supporting the Government to attest they adhere to 51 individual controls from the NIST SP800-53 “Security and Privacy Controls for Federal Systems”.
